Hyperledger Fabric BYFN之配置基础篇

参考https://hyperledger-fabric.readthedocs.io/en/release-1.2/build_network.html

Build your first network是Hyperledger Fabric官方最详细的例子, 目录对应

fabric-samples/first-network, 动手时间到。

1. Hyperledger Fabric启动入口

复习下Hyperledger Fabric基础的网络篇，启动一个区块链网络首先要搭建什么？如果不清楚最好看完基础篇。答案是Orderer服务。

Hyperledger Fabric使用docker镜像fabric-orderer启动Orderder服务，BYFN的命令行为

docker-compose -f docker-compose-cli.yaml up -d

我们看下docker-compose-cli.yaml内容

# Copyright IBM Corp. All Rights Reserved.

#

# SPDX-License-Identifier: Apache-2.0

#

version: '2'

volumes:

orderer.example.com:

peer0.org1.example.com:

peer1.org1.example.com:

peer0.org2.example.com:

peer1.org2.example.com:

networks:

byfn:

services:

orderer.example.com:

extends:

file: base/docker-compose-base.yaml

service: orderer.example.com

container_name: orderer.example.com

networks:

- byfn

peer0.org1.example.com:

container_name: peer0.org1.example.com

extends:

file: base/docker-compose-base.yaml

service: peer0.org1.example.com

networks:

- byfn

peer1.org1.example.com:

container_name: peer1.org1.example.com

extends:

file: base/docker-compose-base.yaml

service: peer1.org1.example.com

networks:

- byfn

peer0.org2.example.com:

container_name: peer0.org2.example.com

extends:

file: base/docker-compose-base.yaml

service: peer0.org2.example.com

networks:

- byfn

peer1.org2.example.com:

container_name: peer1.org2.example.com

extends:

file: base/docker-compose-base.yaml

file: base/docker-compose-base.yaml

service: peer0.org2.example.com

networks:

- byfn

peer1.org2.example.com:

container_name: peer1.org2.example.com

extends:

file: base/docker-compose-base.yaml

service: peer1.org2.example.com

networks:

- byfn

cli:

container_name: cli

image: hyperledger/fabric-tools:$IMAGE_TAG

tty: true

stdin_open: true

environment:

- GOPATH=/opt/gopath

- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock

#- CORE_LOGGING_LEVEL=DEBUG

- CORE_LOGGING_LEVEL=INFO

- CORE_PEER_ID=cli

- CORE_PEER_ADDRESS=peer0.org1.example.com:7051

- CORE_PEER_LOCALMSPID=Org1MSP

- CORE_PEER_TLS_ENABLED=true

- CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt

- CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key

- CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt

- CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp

working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer

command: /bin/bash

volumes:

- /var/run/:/host/var/run/

- ./../chaincode/:/opt/gopath/src/github.com/chaincode

- ./crypto-config:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/

- ./scripts:/opt/gopath/src/github.com/hyperledger/fabric/peer/scripts/

- ./channel-artifacts:/opt/gopath/src/github.com/hyperledger/fabric/peer/channel-artifacts

depends_on:

- orderer.example.com

- peer0.org1.example.com

- peer1.org1.example.com

- peer0.org2.example.com

- peer1.org2.example.com

networks:

SERVICES定义了1个orderer, 4个peer, 一个cli, 都基于docker-compose-base.yaml作为模板, 启动cli命令行(基于fabric-tool镜像)，depends_on的依赖关系意味着cli启动的时候要先把orderer和4个peer服务都启动了。

看下order.example.com服务的配置：

Orderer服务的全称为orderer.example.com.

container_name定义在docker中的进程名.

networks定义归属byfn区块链网络.

extends定义继承使用docker-compose-base.yaml中orderer.example.com中的配置。

我们继续看下docker-compose-base.yaml中orderer.example.com的配置内容:

orderer.example.com:

container_name: orderer.example.com

image: hyperledger/fabric-orderer:$IMAGE_TAG

environment:

- ORDERER_GENERAL_LOGLEVEL=INFO

- ORDERER_GENERAL_LISTENADDRESS=0.0.0.0

- ORDERER_GENERAL_GENESISMETHOD=file

- ORDERER_GENERAL_GENESISFILE=/var/hyperledger/orderer/orderer.genesis.block

- ORDERER_GENERAL_LOCALMSPID=OrdererMSP

- ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp

# enabled TLS

- ORDERER_GENERAL_TLS_ENABLED=true

- ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key

- ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt

- ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]

working_dir: /opt/gopath/src/github.com/hyperledger/fabric

command: orderer

volumes:

- ../channel-artifacts/genesis.block:/var/hyperledger/orderer/orderer.genesis.block

- ../crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/msp:/var/hyperledger/orderer/msp

- ../crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tls/:/var/hyperledger/orderer/tls

- orderer.example.com:/var/hyperledger/production/orderer

ports:

- 7050:7050

image定义了使用的docker镜像fabric-orderer.

environment定义了docker运行的容器中的环境变量,例如指定了日志级别,监听地址,生成创世块方式和路径，本地MSP路径,以及orderer开启TLS使用的私钥，自签名证书和CA证书。

其中ORDERER_GENERAL_GENSISFILE指定了创世块文件名字,orderer启动需要创世块。

working_dir定义容器中的工作目录.

command实际执行的orderer命令.

volumes定义的外部主机和容器的路径卷映射(需要了解下docker中存储的映射)。

ports定义了外部主机和内部容器的端口映射, 即7051是orderer的监听端口。

那么启动启动orderer依赖的TLS,MSP这些文件如何生成呢? 我们来介绍cryptogen这个命令

2. cryptogen命令生成相关密钥,证书和MSP

执行以下命令行提示生成两个组织

[root@localhost first-network]# cryptogen generate --config=./crypto-config.yaml

org1.example.com

org2.example.com

我们看下crypto-config.yaml内容

# Copyright IBM Corp. All Rights Reserved.

#

# SPDX-License-Identifier: Apache-2.0

#

# ---------------------------------------------------------------------------

# "OrdererOrgs" - Definition of organizations managing orderer nodes

# ---------------------------------------------------------------------------

OrdererOrgs:

# ---------------------------------------------------------------------------

# Orderer

# ---------------------------------------------------------------------------

- Name: Orderer

Domain: example.com

# ---------------------------------------------------------------------------

# "Specs" - See PeerOrgs below for complete description

# ---------------------------------------------------------------------------

Specs:

- Hostname: orderer

# ---------------------------------------------------------------------------

# "PeerOrgs" - Definition of organizations managing peer nodes

# ---------------------------------------------------------------------------

PeerOrgs:

# ---------------------------------------------------------------------------

# Org1

# ---------------------------------------------------------------------------

- Name: Org1

Domain: org1.example.com

EnableNodeOUs: true

# ---------------------------------------------------------------------------

# "Specs"

# ---------------------------------------------------------------------------

# Uncomment this section to enable the explicit definition of hosts in your

# configuration. Most users will want to use Template, below

#

# Specs is an array of Spec entries. Each Spec entry consists of two fields:

# - Hostname: (Required) The desired hostname, sans the domain.

# - CommonName: (Optional) Specifies the template or explicit override for

# the CN. By default, this is the template:

#

# "{{.Hostname}}.{{.Domain}}"

#

# which obtains its values from the Spec.Hostname and

# Org.Domain, respectively.

# ---------------------------------------------------------------------------

# Specs:

# - Hostname: foo # implicitly "foo.org1.example.com"

# CommonName: foo27.org5.example.com # overrides Hostname-based FQDN set above

# - Hostname: bar

# - Hostname: baz

# ---------------------------------------------------------------------------

# "Template"

# ---------------------------------------------------------------------------

# Allows for the definition of 1 or more hosts that are created sequentially

# from a template. By default, this looks like "peer%d" from 0 to Count-1.

# You may override the number of nodes (Count), the starting index (Start)

# or the template used to construct the name (Hostname).

#

# Note: Template and Specs are not mutually exclusive. You may define both

# sections and the aggregate nodes will be created for you. Take care with

# name collisions

# ---------------------------------------------------------------------------

Template:

Count: 2

# Start: 5

# Hostname: {{.Prefix}}{{.Index}} # default

# ---------------------------------------------------------------------------

# "Users"

# ---------------------------------------------------------------------------

# Count: The number of user accounts _in addition_ to Admin

# ---------------------------------------------------------------------------

Users:

Count: 1

# ---------------------------------------------------------------------------

# Org2: See "Org1" for full specification

# ---------------------------------------------------------------------------

- Name: Org2

Domain: org2.example.com

EnableNodeOUs: true

Template:

Count: 2

Users:

Count: 1

主要定义了两大类组织, OrdererOrgs归为一类, PeerOrgs归为一类.

Name标记组织唯一名称.

Domain定义所属域名.

Specs 定义各自配置项信息.

EnableNodeOUs定义节点是否支持组织单元,前面基础章节MSP会员身份有介绍。

PeerOrgs使用两种方式定义组织,一种是Specs具体指定每个主机peer节点, 另外一种方式是使用Template批量生成节点, 参考上面配置的注释。

上面例子定义了一个orderer, 两个组织, 每个组织下两个Peer.

具体生成了什么内容了, 我们看下当前目录下的crypto-config文件夹:

[root@localhost crypto-config]# pwd

/mnt/sda3/fabric-samples/first-network/crypto-config

[root@localhost crypto-config]# ll

总用量 8

drwxr-xr-x. 3 root root 4096 8月 24 23:19 ordererOrganizations

drwxr-xr-x. 4 root root 4096 8月 24 23:19 peerOrganizations

[root@localhost example.com]# pwd

/mnt/sda3/fabric-samples/first-network/crypto-config/ordererOrganizations/example.com

[root@localhost example.com]# ll

总用量 20

drwxr-xr-x. 2 root root 4096 8月 24 23:19 ca

drwxr-xr-x. 5 root root 4096 8月 24 23:19 msp

drwxr-xr-x. 3 root root 4096 8月 24 23:19 orderers

drwxr-xr-x. 2 root root 4096 8月 24 23:19 tlsca

drwxr-xr-x. 3 root root 4096 8月 24 23:19 users

[root@localhost peerOrganizations]# pwd

/mnt/sda3/fabric-samples/first-network/crypto-config/peerOrganizations

[root@localhost peerOrganizations]# ll

总用量 8

drwxr-xr-x. 7 root root 4096 8月 24 23:19 org1.example.com

drwxr-xr-x. 7 root root 4096 8月 24 23:19 org2.example.com

3. Orderer服务启动

再回头看下docker-compose-base.yaml中orderer.example.com的配置内容:

orderer.example.com:

container_name: orderer.example.com

image: hyperledger/fabric-orderer:$IMAGE_TAG

environment:

- ORDERER_GENERAL_LOGLEVEL=INFO

- ORDERER_GENERAL_LISTENADDRESS=0.0.0.0

- ORDERER_GENERAL_GENESISMETHOD=file

- ORDERER_GENERAL_GENESISFILE=/var/hyperledger/orderer/orderer.genesis.block

- ORDERER_GENERAL_LOCALMSPID=OrdererMSP

- ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp

# enabled TLS

- ORDERER_GENERAL_TLS_ENABLED=true

- ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key

- ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt

- ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]

working_dir: /opt/gopath/src/github.com/hyperledger/fabric

command: orderer

volumes:

- ../channel-artifacts/genesis.block:/var/hyperledger/orderer/orderer.genesis.block

- ../crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/msp:/var/hyperledger/orderer/msp

- ../crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tls/:/var/hyperledger/orderer/tls

- orderer.example.com:/var/hyperledger/production/orderer

ports:

- 7050:7050

Server.key, server.crt, ca.crt都有了, 差创世块genesis.block文件了， 使用以下命令行创建

[root@localhost first-network]# export FABRIC_CFG_PATH=$PWD

[root@localhost first-network]# configtxgen -profile TwoOrgsOrdererGenesis -outputBlock ./channel-artifacts/genesis.block

2018-08-26 16:26:31.045 CST [common/tools/configtxgen] main -> WARN 001 Omitting the channel ID for configtxgen is deprecated. Explicitly passing the channel ID will be required in the future, defaulting to 'testchainid'.

2018-08-26 16:26:31.045 CST [common/tools/configtxgen] main -> INFO 002 Loading configuration

2018-08-26 16:26:31.067 CST [common/tools/configtxgen/encoder] NewChannelGroup -> WARN 003 Default policy emission is deprecated, please include policy specificiations for the channel group in configtx.yaml

2018-08-26 16:26:31.067 CST [common/tools/configtxgen/encoder] NewOrdererGroup -> WARN 004 Default policy emission is deprecated, please include policy specificiations for the orderer group in configtx.yaml

2018-08-26 16:26:31.068 CST [common/tools/configtxgen/encoder] NewOrdererOrgGroup -> WARN 005 Default policy emission is deprecated, please include policy specificiations for the orderer org group OrdererOrg in configtx.yaml

2018-08-26 16:26:31.111 CST [msp] getMspConfig -> INFO 006 Loading NodeOUs

2018-08-26 16:26:31.111 CST [common/tools/configtxgen/encoder] NewOrdererOrgGroup -> WARN 007 Default policy emission is deprecated, please include policy specificiations for the orderer org group Org1MSP in configtx.yaml

2018-08-26 16:26:31.123 CST [msp] getMspConfig -> INFO 008 Loading NodeOUs

2018-08-26 16:26:31.123 CST [common/tools/configtxgen/encoder] NewOrdererOrgGroup -> WARN 009 Default policy emission is deprecated, please include policy specificiations for the orderer org group Org2MSP in configtx.yaml

2018-08-26 16:26:31.123 CST [common/tools/configtxgen] doOutputBlock -> INFO 00a Generating genesis block

2018-08-26 16:26:31.125 CST [common/tools/configtxgen] doOutputBlock -> INFO 00b Writing genesis block

channel-artifacts文件夹下生成了genesis.block, 容器中映射为

/var/hyperledger/orderer/orderer.genesis.block

configtxgen命令实际读取的配置文件默认为configtxgen.yaml, 我们看下它对应的profile TwoOrgsOrdererGenesis, 对应蓝色字体。创世块是记账本的第一个区块，作用重大。配置有点啰嗦，但仔细过一遍。

# Copyright IBM Corp. All Rights Reserved.

#

# SPDX-License-Identifier: Apache-2.0

#

---

################################################################################

#

# Section: Organizations

#

# - This section defines the different organizational identities which will

# be referenced later in the configuration.

#

################################################################################

Organizations:

# SampleOrg defines an MSP using the sampleconfig. It should never be used

# in production but may be used as a template for other definitions

- &OrdererOrg

# DefaultOrg defines the organization which is used in the sampleconfig

# of the fabric.git development environment

Name: OrdererOrg

# ID to load the MSP definition as

ID: OrdererMSP

# MSPDir is the filesystem path which contains the MSP configuration

MSPDir: crypto-config/ordererOrganizations/example.com/msp

- &Org1

# DefaultOrg defines the organization which is used in the sampleconfig

# of the fabric.git development environment

Name: Org1MSP

# ID to load the MSP definition as

ID: Org1MSP

MSPDir: crypto-config/peerOrganizations/org1.example.com/msp

AnchorPeers:

# AnchorPeers defines the location of peers which can be used

# for cross org gossip communication. Note, this value is only

# encoded in the genesis block in the Application section context

- Host: peer0.org1.example.com

Port: 7051

- &Org2

# DefaultOrg defines the organization which is used in the sampleconfig

# of the fabric.git development environment

Name: Org2MSP

# ID to load the MSP definition as

ID: Org2MSP

MSPDir: crypto-config/peerOrganizations/org2.example.com/msp

AnchorPeers:

# AnchorPeers defines the location of peers which can be used

# for cross org gossip communication. Note, this value is only

# encoded in the genesis block in the Application section context

- Host: peer0.org2.example.com

Port: 7051

################################################################################

#

# SECTION: Capabilities

#

# - This section defines the capabilities of fabric network. This is a new

# concept as of v1.1.0 and should not be utilized in mixed networks with

# v1.0.x peers and orderers. Capabilities define features which must be

# present in a fabric binary for that binary to safely participate in the

# fabric network. For instance, if a new MSP type is added, newer binaries

# might recognize and validate the signatures from this type, while older

# binaries without this support would be unable to validate those

# transactions. This could lead to different versions of the fabric binaries

# having different world states. Instead, defining a capability for a channel

# informs those binaries without this capability that they must cease

# processing transactions until they have been upgraded. For v1.0.x if any

# capabilities are defined (including a map with all capabilities turned off)

# then the v1.0.x peer will deliberately crash.

#

################################################################################

Capabilities:

# Channel capabilities apply to both the orderers and the peers and must be

# supported by both. Set the value of the capability to true to require it.

Global: &ChannelCapabilities

# V1.1 for Global is a catchall flag for behavior which has been

# determined to be desired for all orderers and peers running v1.0.x,

# but the modification of which would cause incompatibilities. Users

# should leave this flag set to true.

V1_1: true

# Orderer capabilities apply only to the orderers, and may be safely

# manipulated without concern for upgrading peers. Set the value of the

# capability to true to require it.

Orderer: &OrdererCapabilities

# V1.1 for Order is a catchall flag for behavior which has been

# determined to be desired for all orderers running v1.0.x, but the

# modification of which would cause incompatibilities. Users should

# leave this flag set to true.

V1_1: true

# Application capabilities apply only to the peer network, and may be safely

# manipulated without concern for upgrading orderers. Set the value of the

# capability to true to require it.

Application: &ApplicationCapabilities

# V1.2 for Application is a catchall flag for behavior which has been

# determined to be desired for all peers running v1.0.x, but the

# modification of which would cause incompatibilities. Users should

# leave this flag set to true.

V1_2: true

################################################################################

#

# SECTION: Application

#

# - This section defines the values to encode into a config transaction or

# genesis block for application related parameters

#

################################################################################

Application: &ApplicationDefaults

# Organizations is the list of orgs which are defined as participants on

# the application side of the network

Organizations:

################################################################################

#

# SECTION: Orderer

#

# - This section defines the values to encode into a config transaction or

# genesis block for orderer related parameters

#

################################################################################

Orderer: &OrdererDefaults

# Orderer Type: The orderer implementation to start

# Available types are "solo" and "kafka"

OrdererType: solo

Addresses:

- orderer.example.com:7050

# Batch Timeout: The amount of time to wait before creating a batch

BatchTimeout: 2s

# Batch Size: Controls the number of messages batched into a block

BatchSize:

# Max Message Count: The maximum number of messages to permit in a batch

MaxMessageCount: 10

# Absolute Max Bytes: The absolute maximum number of bytes allowed for

# the serialized messages in a batch.

AbsoluteMaxBytes: 99 MB

# Preferred Max Bytes: The preferred maximum number of bytes allowed for

# the serialized messages in a batch. A message larger than the preferred

# max bytes will result in a batch larger than preferred max bytes.

PreferredMaxBytes: 512 KB

Kafka:

# Brokers: A list of Kafka brokers to which the orderer connects

# NOTE: Use IP:port notation

Brokers:

- 127.0.0.1:9092

# Organizations is the list of orgs which are defined as participants on

# the orderer side of the network

Organizations:

################################################################################

#

# Profile

#

# - Different configuration profiles may be encoded here to be specified

# as parameters to the configtxgen tool

#

################################################################################

Profiles:

TwoOrgsOrdererGenesis:

Capabilities:

<<: *ChannelCapabilities

Orderer:

<<: *OrdererDefaults

Organizations:

- *OrdererOrg

Capabilities:

<<: *OrdererCapabilities

Consortiums:

SampleConsortium:

Organizations:

- *Org1

- *Org2

TwoOrgsChannel:

Consortium: SampleConsortium

Application:

<<: *ApplicationDefaults

Organizations:

- *Org1

- *Org2

Capabilities:

<<: *ApplicationCapabilities

Profile TwoOrgsOrdererGenesis

定义了全局的通道兼容性ChannelCapabilities, 具体多看下注释, 貌似V1_1设置为true就可以兼容v1.0.x版本，一般默认吧。

定义了Order, 对应到OrdererDefaults配置内容，使用orderType是solo, 没用kafka, 还配置了solo相关的监听地址，批量处理最大值和超时时间等。在进阶配置篇我们再学习kafka配置。

定义了区块链网络的联盟Consortiums为SampleConsortium, 包含了组织Org1和Org2。其实打开genesis.block的内容看下, 注释包含了Org1和Org2证书相关的MSP信息，组织的Anchor Peer等信息打到区块中，确实容易让人误会以为配置文件里面有的内容都会打包到区块，实际上-outputBlock选项只是打包以上说的这些基础数据。

启动cli顺路都会启动orderer, 其实peer也会被启动, 因为docker-compose-cli.yaml定义了, 证书也都生成了，peer并未加入区块链网络。

[root@localhost first-network]# docker-compose -f docker-compose-cli.yaml up -d

Creating network "net_byfn" with the default driver

Creating volume "net_orderer.example.com" with default driver

Creating volume "net_peer0.org1.example.com" with default driver

Creating volume "net_peer1.org1.example.com" with default driver

Creating volume "net_peer0.org2.example.com" with default driver

Creating volume "net_peer1.org2.example.com" with default driver

Creating peer0.org1.example.com ... done

Creating peer0.org2.example.com ... done

Creating peer1.org2.example.com ... done

Creating peer1.org1.example.com ... done

Creating orderer.example.com ... done

Creating cli ... done

我们看下docker容器启动的进程

[root@localhost first-network]# docker ps

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES

f1f0fe5f2133 hyperledger/fabric-tools:latest "/bin/bash" 3 minutes ago Up 3 minutes cli

8816783a79ce hyperledger/fabric-orderer:latest "orderer" 3 minutes ago Up 3 minutes 0.0.0.0:7050->7050/tcp orderer.example.com

1b47b97495f0 hyperledger/fabric-peer:latest "peer node start" 3 minutes ago Up 3 minutes 0.0.0.0:10051->7051/tcp, 0.0.0.0:10053->7053/tcp peer1.org2.example.com

51c166bdce76 hyperledger/fabric-peer:latest "peer node start" 3 minutes ago Up 3 minutes 0.0.0.0:8051->7051/tcp, 0.0.0.0:8053->7053/tcp peer1.org1.example.com

b8112247baf6 hyperledger/fabric-peer:latest "peer node start" 3 minutes ago Up 3 minutes 0.0.0.0:9051->7051/tcp, 0.0.0.0:9053->7053/tcp peer0.org2.example.com

0fc1e47832d5 hyperledger/fabric-peer:latest "peer node start" 3 minutes ago Up 3 minutes 0.0.0.0:7051->7051/tcp, 0.0.0.0:7053->7053/tcp peer0.org1.example.com

4. 创建通道和加入通道

区块链网络有了, orderer网络管理节点有了, peer是启动了，但没加入网络和通道，以下命令行验证下（验证完后请exit退出docker容器命令行）。

[root@localhost first-network]# docker exec -it cli bash

root@f1f0fe5f2133:/opt/gopath/src/github.com/hyperledger/fabric/peer# peer channel list

2018-08-26 09:35:02.325 UTC [channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized

Channels peers has joined:

root@f1f0fe5f2133:/opt/gopath/src/github.com/hyperledger/fabric/peer# echo $CORE_PEER_ADDRESS

peer0.org1.example.com:7051

回想下区块链网络基础章节，orderer定义联盟SampleConsortium， 但是没有通道，需要向orderer发送一个配置的请求，使用configtxgen生成。

[root@localhost first-network]# export CHANNEL_NAME=mychannel

[root@localhost first-network]#

[root@localhost first-network]# configtxgen -profile TwoOrgsChannel -outputCreateChannelTx ./channel-artifacts/channel.tx -channelID $CHANNEL_NAME

2018-08-26 17:53:10.167 CST [common/tools/configtxgen] main -> INFO 001 Loading configuration

2018-08-26 17:53:10.183 CST [common/tools/configtxgen] doOutputChannelCreateTx -> INFO 002 Generating new channel configtx

2018-08-26 17:53:10.183 CST [common/tools/configtxgen/encoder] NewApplicationGroup -> WARN 003 Default policy emission is deprecated, please include policy specificiations for the application group in configtx.yaml

2018-08-26 17:53:10.184 CST [msp] getMspConfig -> INFO 004 Loading NodeOUs

2018-08-26 17:53:10.184 CST [common/tools/configtxgen/encoder] NewApplicationOrgGroup -> WARN 005 Default policy emission is deprecated, please include policy specificiations for the application org group Org1MSP in configtx.yaml

2018-08-26 17:53:10.184 CST [msp] getMspConfig -> INFO 006 Loading NodeOUs

2018-08-26 17:53:10.184 CST [common/tools/configtxgen/encoder] NewApplicationOrgGroup -> WARN 007 Default policy emission is deprecated, please include policy specificiations for the application org group Org2MSP in configtx.yaml

2018-08-26 17:53:10.186 CST [common/tools/configtxgen] doOutputChannelCreateTx -> INFO 008 Writing new channel tx

[root@localhost first-network]# cd channel-artifacts/

[root@localhost channel-artifacts]# ll

总用量 20

-rw-r--r--. 1 root root 346 8月 26 17:53 channel.tx

-rw-r--r--. 1 root root 12655 8月 26 16:26 genesis.block

[root@localhost channel-artifacts]#

看到channel.tx即生成成功，同理也是用configtxgen生成，我们看下对应配置文件configtx.yaml中Profile TwoOrgsChannel 的配置。

TwoOrgsChannel:

Consortium: SampleConsortium

Application:

<<: *ApplicationDefaults

Organizations:

- *Org1

- *Org2

Capabilities:

<<: *ApplicationCapabilities

主要配置所属联盟为SampleConsortium, 配置的通道可用的两个组织。 我们看下channel.tx的内容, 貌似也是简单的定义了通道名称，所属联盟，用到的MSP, 兼容性版本配置，Admin,读写权限等? -outputCreateChannelTx选项也只是生成配置文件中的部分内容。

我们需要进去到cli容器中创建通道

[root@192 first-network]# docker exec -it -e LINES=(tput lines) -e COLUMNS=(tput cols) cli bash

root@f1f0fe5f2133:/opt/gopath/src/github.com/hyperledger/fabric/peer# export CHANNEL_NAME=mychannel

root@f1f0fe5f2133:/opt/gopath/src/github.com/hyperledger/fabric/peer# peer channel create -o orderer.example.com:7050 -c $CHANNEL_NAME -f ./channel-artifacts/channel.tx --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem

2018-08-30 17:10:28.077 UTC [channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized

2018-08-30 17:10:28.124 UTC [cli/common] readBlock -> INFO 002 Got status: &{NOT_FOUND}

2018-08-30 17:10:28.130 UTC [channelCmd] InitCmdFactory -> INFO 003 Endorser and orderer connections initialized

2018-08-30 17:10:28.339 UTC [cli/common] readBlock -> INFO 004 Received block: 0

root@f1f0fe5f2133:/opt/gopath/src/github.com/hyperledger/fabric/peer#

加入通道并验证下是否加入成功

root@f1f0fe5f2133:/opt/gopath/src/github.com/hyperledger/fabric/peer# peer channel join -b mychannel.block

2018-08-30 17:19:27.903 UTC [channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized

2018-08-30 17:19:27.964 UTC [channelCmd] executeJoin -> INFO 002 Successfully submitted proposal to join channel

root@f1f0fe5f2133:/opt/gopath/src/github.com/hyperledger/fabric/peer# peer channel list

2018-08-30 17:20:13.861 UTC [channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized

Channels peers has joined:

mychannel

通道虽说是建立好了，实际上从配置文件configtx.yaml可看到，每个Org实际需要配置一个或多个Anchor Peer锚节点（用于跨组织的gossip通信协议，后面服务发现提到），下面我们把当前的peer节点设置为锚节点，先生成 tx文件。

[root@192 first-network]# export CHANNEL_NAME=mychannel

[root@192 first-network]# configtxgen -profile TwoOrgsChannel -outputAnchorPeersUpdate ./channel-artifacts/Org1MSPanchors.tx -channelID $CHANNEL_NAME -asOrg Org1MSP

2018-08-31 01:38:34.650 CST [common/tools/configtxgen] main -> INFO 001 Loading configuration

2018-08-31 01:38:34.662 CST [common/tools/configtxgen] doOutputAnchorPeersUpdate -> INFO 002 Generating anchor peer update

2018-08-31 01:38:34.662 CST [common/tools/configtxgen] doOutputAnchorPeersUpdate -> INFO 003 Writing anchor peer update

我们看下生成的Org1MSPanchors.tx文件

切到cli容器向orderer更新通道, orderer是区块链网络的管理节点。

[root@192 first-network]# docker exec -it -e LINES=(tput lines) -e COLUMNS=(tput cols) cli bash

root@f1f0fe5f2133:/opt/gopath/src/github.com/hyperledger/fabric/peer# export CHANNEL_NAME=mychannel

root@f1f0fe5f2133:/opt/gopath/src/github.com/hyperledger/fabric/peer# peer channel update -o orderer.example.com:7050 -c $CHANNEL_NAME -f ./channel-artifacts/Org1MSPanchors.tx --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem

2018-08-30 17:55:31.054 UTC [channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized

2018-08-30 17:55:31.078 UTC [channelCmd] update -> INFO 002 Successfully submitted channel update

5. 安装和运行链码

在cli容器中执行

root@f1f0fe5f2133:/opt/gopath/src/github.com/hyperledger/fabric/peer# peer chaincode install -n mycc -v 1.0 -p github.com/chaincode/chaincode_example02/go/

2018-08-30 18:08:22.619 UTC [chaincodeCmd] checkChaincodeCmdParams -> INFO 001 Using default escc

2018-08-30 18:08:22.619 UTC [chaincodeCmd] checkChaincodeCmdParams -> INFO 002 Using default vscc

2018-08-30 18:08:24.760 UTC [chaincodeCmd] install -> INFO 003 Installed remotely response:<status:200 payload:"OK" >

Hyperledger Fabric总能安装配置好, 但链码作为智能合同的实现，我们是必须详细学习的。

-n指定链码名称.

-v指定链码的版本.

-p指定链码的路径,默认是go语言实现.

初始化链码

root@f1f0fe5f2133:/opt/gopath/src/github.com/hyperledger/fabric/peer# peer chaincode instantiate -o orderer.example.com:7050 --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C $CHANNEL_NAME -n mycc -v 1.0 -c '{"Args":["init","a", "100", "b","200"]}' -P "AND ('Org1MSP.peer','Org2MSP.peer')"

2018-08-30 18:18:12.800 UTC [chaincodeCmd] checkChaincodeCmdParams -> INFO 001 Using default escc

2018-08-30 18:18:12.800 UTC [chaincodeCmd] checkChaincodeCmdParams -> INFO 002 Using default vscc

为什么初始化链码的时候要和orderer通信?不是直接peer节点安装初始化使用吗? 复习下区块链网络的更新几个步骤，orderer需要验证更新的背书策略和采访权限，orderer需要知道这些信息, 实例化链码的时候就需要orderer知道了。 这个例子-P指定策略， 必须要Org1和Org2的背书节点通过才能更新。

调用链码

查询简单些

[root@192 first-network]# docker exec -it -e LINES=(tput lines) -e COLUMNS=(tput cols) cli bash

root@4b05aaca1028:/opt/gopath/src/github.com/hyperledger/fabric/peer# export CHANNEL_NAME=mychannel

root@4b05aaca1028:/opt/gopath/src/github.com/hyperledger/fabric/peer# peer chaincode query -C $CHANNEL_NAME -n mycc -c '{"Args":["query","a"]}'

90

下面是更新例子

root@4b05aaca1028:/opt/gopath/src/github.com/hyperledger/fabric/peer# peer chaincode invoke -o orderer.example.com:7050 --tls true --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C $CHANNEL_NAME -n mycc --peerAddresses peer0.org1.example.com:7051 --tlsRootCertFiles /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt --peerAddresses peer0.org2.example.com:7051 --tlsRootCertFiles /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt -c '{"Args":["invoke","a","b","10"]}'

2018-08-30 18:47:22.101 UTC [chaincodeCmd] chaincodeInvokeOrQuery -> INFO 001 Chaincode invoke successful. result: status:200

链码这个调用最好./byfn.sh up那样完整的生成两个组织，四个节点， 需要干净的环境就使用./byfn.sh down清理再执行./byfn.sh up

更新这里指定了两个Peer， 一般指定对应的背书节点就好，当然发送个通道的所有Peer节点。

基础配置篇暂时到此，如果你心中有不少疑问就对了， BYFN毕竟只是个演示的demo, 如果用在商用可够呛。 更完善的使用和配置我们将在配置进阶篇中讲解。